

''' -----------------------------------------------------------------------------
''' Project	 : Objects
''' Class	 : cSecurePage
''' 
''' -----------------------------------------------------------------------------
''' <summary>
''' If a page is needed to be secure then the page must inherit this object.  An entry in SEC_Objects 
''' must exist for the page
''' </summary>
''' <remarks>
''' </remarks>
''' <history>
''' 	[mccleta]	3/2/2005	Created
''' </history>
''' -----------------------------------------------------------------------------
Public Class cSecurePage
    Inherits cPage

    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' Checks to see if the current user has permission to the current page.  If not they are redirected to 
    ''' the Security Request page.
    ''' </summary>
    ''' <returns></returns>
    ''' <remarks>
    ''' </remarks>   
    ''' -----------------------------------------------------------------------------
    Protected Function CheckPageSecurity() As Boolean
        If Not IsPostBack Then
            If CurrentUser.Name.Length > 0 Then
                'If User.Identity.Name.Length > 0 Then
                Dim loSecurity As Security.Validation = New Security.Validation
                ' Dim loControl As Web.UI.Control
                If CurrentUser.IsMember("Administrator") Then
                    Return True
                Else
                    Dim loParentSecObject As Security.SecurityObject = New Security.SecurityObject(Request.Url.AbsolutePath)
                    If CurrentUser Is Nothing Then
                        Redirect("/errors/lockout.aspx")
                    ElseIf Not loSecurity.ValidatePage(Request.Url.AbsolutePath, CurrentUser.GUI) Then
                        Redirect(SecurityRedirectURL(loParentSecObject.ObjectID))
                    End If

                    For Each loChildSecObject As Security.SecurityObject In loParentSecObject.ChildObjects
                        Dim loCtl As Web.UI.Control = Page.FindControl(loChildSecObject.Name)
                        If Not loCtl Is Nothing Then
                            loCtl.Visible = loChildSecObject.UserHasPermission(CurrentUser.GUI)
                        End If
                    Next
                End If
            End If
        End If
    End Function

    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' Checks to see if the current user has access to a given control.
    ''' </summary>
    ''' <param name="psControlName">ID of the Control.  This should be the Name entry in SEC_Objects</param>
    ''' <returns></returns>
    ''' <remarks>
    ''' </remarks>   
    ''' -----------------------------------------------------------------------------
    Protected Function CheckSecurityByControlName(ByVal psControlName As String) As Boolean

        Dim loSec As Security.Validation = New Security.Validation
        Return loSec.ValidateForControl(Request.ServerVariables("URL"), psControlName, CurrentUser.GUI.ToString)

    End Function

    Private Shadows Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.Load

        CheckPageSecurity()

    End Sub

End Class
